Export limit exceeded: 82314 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (82314 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24085 | 1 Qualcomm | 547 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Apq8098 and 544 more | 2026-06-02 | 7.2 High |
| Memory Corruption when processing display command line information due to improper initialization of a variable. | ||||
| CVE-2026-24087 | 1 Qualcomm | 431 Ar8031, Ar8031 Firmware, Ar8035 and 428 more | 2026-06-02 | 7.2 High |
| Memory corruption while processing fastboot OEM commands. | ||||
| CVE-2026-24088 | 1 Qualcomm | 493 Ar9380, Ar9380 Firmware, Csr8811 and 490 more | 2026-06-02 | 8.2 High |
| Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader. | ||||
| CVE-2026-24089 | 1 Qualcomm | 439 Ar8031, Ar8031 Firmware, Ar8035 and 436 more | 2026-06-02 | 7.2 High |
| Memory corruption while processing fastboot commands with invalid input. | ||||
| CVE-2026-24090 | 1 Qualcomm | 435 Ar8031, Ar8031 Firmware, Ar8035 and 432 more | 2026-06-02 | 7.1 High |
| Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow. | ||||
| CVE-2026-24091 | 1 Qualcomm | 547 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Apq8098 and 544 more | 2026-06-02 | 7.2 High |
| Memory corruption while processing fastboot commands with improperly formatted input. | ||||
| CVE-2026-24092 | 1 Qualcomm | 437 Ar8031, Ar8031 Firmware, Ar8035 and 434 more | 2026-06-02 | 7.2 High |
| Memory Corruption when processing fastboot commands to set display mode. | ||||
| CVE-2024-52011 | 2026-06-02 | 8.3 High | ||
| launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` version 2.9.0, corresponding to vite version 5.4.9. | ||||
| CVE-2026-45545 | 2026-06-02 | 8.2 High | ||
| Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries, through a stored injection. With carefully crafted input it is possible to break out of the length limitation. The attacker could use this to extract information from the database, or modify data. This issue has been patched in versions 0.7.7, 0.8.10, 0.9.8, 1.0.4, and 2.0.0. | ||||
| CVE-2026-25258 | 1 Qualcomm | 43 Cologne, Cologne Firmware, Fastconnect 6900 and 40 more | 2026-06-02 | 7.8 High |
| Memory corruption while processing IOCTL calls for escape operations. | ||||
| CVE-2026-25259 | 1 Qualcomm | 85 Cologne, Cologne Firmware, Fastconnect 6700 and 82 more | 2026-06-02 | 7.8 High |
| Memory corruption while processing multiple IOCTL command for escape operations. | ||||
| CVE-2026-25260 | 1 Qualcomm | 71 Cologne, Cologne Firmware, Fastconnect 6700 and 68 more | 2026-06-02 | 7.8 High |
| Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications. | ||||
| CVE-2026-7528 | 2 Ibm, Langflow | 2 Langflow Oss, Langflow | 2026-06-02 | 7.1 High |
| IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption. | ||||
| CVE-2026-10263 | 1 Sourcecodester | 1 Computer Repair Shop Management System | 2026-06-02 | 7.3 High |
| A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage_product.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2024-7143 | 2 Pulpproject, Redhat | 5 Pulp, Ansible Automation Platform, Ansible Automation Platform Inside and 2 more | 2026-06-02 | 8.3 High |
| A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing. | ||||
| CVE-2026-5065 | 1 Ibm | 1 Controller | 2026-06-02 | 8.8 High |
| IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2026-38834 | 1 Tenda | 2 W30e, W30e Firmware | 2026-06-02 | 7.3 High |
| Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2026-36045 | 1 Sipeed | 1 Picoclaw | 2026-06-02 | 7.3 High |
| picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete. | ||||
| CVE-2026-10251 | 1 Itsourcecode | 1 Online House Rental System | 2026-06-02 | 7.3 High |
| A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-70363 | 1 Ibexa | 1 Ez Platform | 2026-06-02 | 7.5 High |
| Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs. | ||||